Managing Identity and Access in the Defence Environment

Information in the defence environment is managed across many separate networks and a variety of system resources by a diverse, often dynamic, population of users. The information is distributed across different classification levels and information at a particular classification level may be subject to further caveat separation restrictions. It is both a requirement and a challenge in this environment to ensure that the information and the system resources are used and managed to support operations effectively, but in compliance with established security policies. Enforcing security policies in this environment requires the capability to manage the identities and access privileges of users and administrators in a trusted manner. Two innovative technologies have recently evolved that, when used collaboratively, provide this capability in support of security policy enforcement. One is Public Key Infrastructure (PKI) technology, and the other is Privilege Management Infrastructure (PMI) technology. This paper presents the results of initial studies undertaken to determine how these two technologies can be combined in a content-based information security model to enable the enforcement of trusted multi-caveat separation and, eventually, multi-level security for this environment. TRUNCATED
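The abstract describes an access decision that combines three things: an identity asserted through PKI, a set of privileges (clearance and caveats) asserted through PMI, and a content-based label on the information itself. The following Python model is an added illustration and is not code from the paper; it assumes the PMI side is expressed as a signed privilege (attribute) certificate bound to the PKI subject name, and it uses an HMAC with a per-issuer secret as a stand-in for the issuer's asymmetric signature so that it runs on the standard library alone. All names, levels and caveat strings are constructed.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass

# Constructed trust anchors. In a real PKI/PMI these are the Certification
# Authority's and the Attribute Authority's public keys; here an HMAC secret
# stands in for each issuer's signing key so the example needs no extra libraries.
ISSUER_KEYS = {"CA": b"constructed-ca-signing-key", "AA": b"constructed-aa-signing-key"}

# Ordered classification levels: a higher number dominates a lower one.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class IdentityCert:
    """PKI side: binds a subject name to a trusted issuer (stand-in for a public-key certificate)."""
    subject: str
    issuer: str
    sig: str


@dataclass(frozen=True)
class PrivilegeCert:
    """PMI side: binds a clearance and caveat set to a holder (stand-in for an attribute certificate)."""
    holder: str
    clearance: str
    caveats: frozenset
    issuer: str
    sig: str


@dataclass(frozen=True)
class ResourceLabel:
    """Content-based label on the protected information: one level plus any caveats."""
    level: str
    caveats: frozenset


def _sign(issuer: str, payload: dict) -> str:
    canonical = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(ISSUER_KEYS[issuer], canonical, hashlib.sha256).hexdigest()


def _verify(issuer: str, payload: dict, sig: str) -> bool:
    if issuer not in ISSUER_KEYS:      # not a trust anchor: certificate is untrusted
        return False
    return hmac.compare_digest(_sign(issuer, payload), sig)


def _id_payload(subject: str, issuer: str) -> dict:
    return {"subject": subject, "issuer": issuer}


def _priv_payload(holder: str, clearance: str, caveats: frozenset, issuer: str) -> dict:
    return {"holder": holder, "clearance": clearance, "caveats": sorted(caveats), "issuer": issuer}


def issue_identity(subject: str, issuer: str = "CA") -> IdentityCert:
    return IdentityCert(subject, issuer, _sign(issuer, _id_payload(subject, issuer)))


def issue_privilege(holder: str, clearance: str, caveats, issuer: str = "AA") -> PrivilegeCert:
    caveats = frozenset(caveats)
    sig = _sign(issuer, _priv_payload(holder, clearance, caveats, issuer))
    return PrivilegeCert(holder, clearance, caveats, issuer, sig)


def authorize(ident: IdentityCert, priv: PrivilegeCert, label: ResourceLabel) -> tuple:
    """Access decision: trusted identity, trusted privilege bound to that identity,
    clearance dominating the level, and every caveat on the content held by the subject."""
    if not _verify(ident.issuer, _id_payload(ident.subject, ident.issuer), ident.sig):
        return False, "identity certificate not trusted"
    if not _verify(priv.issuer, _priv_payload(priv.holder, priv.clearance, priv.caveats, priv.issuer), priv.sig):
        return False, "privilege certificate not trusted or altered"
    if priv.holder != ident.subject:
        return False, "privilege certificate not bound to this identity"
    if LEVELS.get(priv.clearance, -1) < LEVELS.get(label.level, 99):   # unknown names deny
        return False, "clearance below classification level"
    missing = label.caveats - priv.caveats
    if missing:
        return False, "missing caveat(s): " + ", ".join(sorted(missing))
    return True, "access granted"


# Constructed sample subject: identity from the CA, privileges from the AA.
ALICE_ID = issue_identity("alice")
ALICE_PRIV = issue_privilege("alice", "SECRET", {"CAVEAT-A", "CAVEAT-B"})

if __name__ == "__main__":
    for lbl in (ResourceLabel("SECRET", frozenset({"CAVEAT-A"})),
                ResourceLabel("TOP SECRET", frozenset()),
                ResourceLabel("SECRET", frozenset({"CAVEAT-C"}))):
        print(lbl.level, sorted(lbl.caveats), "->", authorize(ALICE_ID, ALICE_PRIV, lbl))
```

The order of the checks matters: the signatures on both certificates are verified before any attribute is read, so a privilege certificate whose caveat list was edited after issue, or one issued to a different holder, is rejected before the level and caveat comparison runs. The caveat rule is a superset test on the label's caveats, which is what keeps information at one level separated between compartments.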